JVNDB-2008-000063

EC-CUBE cross-site scripting vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#61543834, JVN#26621646, and JVN#99916563.

Naruhisa Tadokoro of Kobe Digital Labo.,Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.